General

  • Target

    script.ps1

  • Size

    5KB

  • Sample

    241110-wx7d7asemh

  • MD5

    53edf2bc3f9c5a3cefdf5d5404e62aa2

  • SHA1

    84f415f521420a902f1d796c08c97f5eb20e7d69

  • SHA256

    91329c2b186e14fc7264018e1ada7df4b22a7b47fd59d5144b916aa05850f97b

  • SHA512

    91b1031bccb4d5c576f0b9061bb054f2cad22a19a4ceed9c747327d9437bc0975073708ed6bbcf24a2c02b52f72540eec8b5b96110bf1a598d3f5f27d5a5c0cd

  • SSDEEP

    96:T3jL1XW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8a:T3jLRWYoM3LbRRveO4JXnrJxQpu8fjrR

Score
10/10

Malware Config

  • Extracted

    Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa

Targets

    Score
    8/10

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks